
Aloha!

(Answering my own mail, nice. ;-)

Joachim Strömbergson wrote:
> (4) I'll think I'm going to ask on the SHA-3 maillist (hosted by
> NIST) if John Kelsey & Co can provide an explanation for the
> H0-constants used in SHA-224 and SHA-1 in the same way as for
> SHA-256, SHA-512 etc. It really is a bit peculiar that they don't.

I've done this and got a response from Thomas Pornin. The problem with
FIPS 180 (including the latest version, 180-4) is that the H0 values for
SHA-1 and SHA-224 lack a stated explanation, something that does exist in
the document for SHA-256, SHA-384 etc.

For SHA-1 the H0 constants are a simple sequence pattern and according
to Thomas actually come from MD5. Looking at the pattern it is quite
clear that it is in fact a big endian sequence:

(From sha1.c in Nettle):

      /* SHA initial values */
      0x67452301L,
      0xEFCDAB89L,
      0x98BADCFEL,
      0x10325476L,
      0xC3D2E1F0L,

Reading the bytes backwards and right-left it is 0..F and then a
down-up pattern with the high nybble going down and the low nybble going up.

The H0-values for SHA-224 are actually the low 32 bits of the H0-values
for SHA-384. An easy comparison between the values in chapter 5.3.4 of
FIPS 180-4 and chapter 5.3.2 makes it obvious. And for SHA-384 NIST in
chapter 5.3.4 states:

"These words were obtained by taking the first sixty-four bits of the
fractional parts of the square roots of the ninth through sixteenth
prime numbers."

We should therefore be able to update the shadata program to generate
the SHA-224 constants.

Suggestion: Change the comments in sha256.c (for sha224) to point to the
origin of the constants. And also add a short comment in sha1.c and
md5.c that the constants are simple patterns.

According to Thomas the sequence pattern in MD5 was chosen by Rivest
quite arbitrarily.

-- 
Best regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          [email protected]
========================================================================
_______________________________________________
nettle-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
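The derivation described in the mail, as an added example (this is not
Nettle's shadata program, and the helper names are our own): the SHA-2
H0 words are regenerated from the fractional parts of prime square roots
in exact integer arithmetic, SHA-224 is taken as the low 32 bits of the
SHA-384 words, and the SHA-1 words are checked against the nybble pattern.

```python
"""Regenerate SHA-2 initial hash values from prime square roots and check the
nybble pattern behind the SHA-1 values (added example, not Nettle's shadata)."""
from math import isqrt
import struct


def first_primes(n):
    """Return the first n primes by trial division (fine for small n)."""
    primes, cand = [], 2
    while len(primes) < n:
        if all(cand % p for p in primes):
            primes.append(cand)
        cand += 1
    return primes


def sqrt_fraction_bits(p, bits):
    """First `bits` bits of the fractional part of sqrt(p), in exact integer
    arithmetic: isqrt(p << 2*bits) == floor(sqrt(p) * 2**bits)."""
    return isqrt(p << (2 * bits)) & ((1 << bits) - 1)


def sha2_h0(first, last, word_bits):
    """H0 words: `word_bits` fractional bits of sqrt(p) for the first-th
    through last-th primes (1-based), as FIPS 180-4 states for SHA-256/384/512."""
    return [sqrt_fraction_bits(p, word_bits)
            for p in first_primes(last)[first - 1:]]


def sha224_h0():
    """SHA-224 H0: FIPS 180-4 gives no derivation; the observation in the mail
    is that they are the low 32 bits of the SHA-384 H0 words (9th-16th primes)."""
    return [w & 0xFFFFFFFF for w in sha2_h0(9, 16, 64)]


# SHA-224 H0 as printed in FIPS 180-4 section 5.3.2, embedded for comparison.
FIPS_SHA224_H0 = [0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939,
                  0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4]


def sha1_nybbles():
    """Nybbles of the SHA-1 H0 words with each word's bytes read backwards
    (little-endian packing): 0..f, f..0, then high nybble down / low nybble up."""
    words = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    return [n for b in struct.pack("<5I", *words) for n in (b >> 4, b & 0xF)]


if __name__ == "__main__":
    print("SHA-224 H0 matches FIPS:", sha224_h0() == FIPS_SHA224_H0)
    print("SHA-1 nybble pattern:", "".join("%x" % n for n in sha1_nybbles()))
```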